Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2018.0071 Security vulnerabilities patched in Microsoft development tools 11 April 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: ChakraCore Microsoft Visual Studio Microsoft Wireless Keyboard 850 Operating System: Windows Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Read-only Data Access -- Remote with User Interaction Unauthorised Access -- Console/Physical Resolution: Patch/Upgrade CVE Names: CVE-2018-8117 CVE-2018-1037 CVE-2018-1023 CVE-2018-1019 CVE-2018-0995 CVE-2018-0994 CVE-2018-0993 CVE-2018-0990 CVE-2018-0980 CVE-2018-0979 Member content until: Friday, May 11 2018 OVERVIEW Microsoft has released its monthly security patch update for the month of April 2018. [1] This update resolves 10 vulnerabilities across the following products: ChakraCore Microsoft Visual Studio 2010 Service Pack 1 Microsoft Visual Studio 2012 Update 5 Microsoft Visual Studio 2013 Update 5 Microsoft Visual Studio 2015 Update 3 Microsoft Visual Studio 2017 Microsoft Visual Studio 2017 Version 15.6.6 Microsoft Visual Studio 2017 Version 15.7 Preview Microsoft Wireless Keyboard 850 IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity CVE-2018-0979 Remote Code Execution Critical CVE-2018-0980 Remote Code Execution Critical CVE-2018-0990 Remote Code Execution Critical CVE-2018-0993 Remote Code Execution Critical CVE-2018-0994 Remote Code Execution Critical CVE-2018-0995 Remote Code Execution Critical CVE-2018-1019 Remote Code Execution Critical CVE-2018-1023 Remote Code Execution Critical CVE-2018-1037 Information Disclosure Important CVE-2018-8117 Security Feature Bypass Important MITIGATION Microsoft recommends updating the software with the version made available on the Microsoft Update Catalogue for the following Knowledge Base articles. [1] KB4089501, KB4089283, KB4091346, KB4087371 REFERENCES [1] Security Update Guide https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWs1uy4x+lLeg9Ub1AQjqzg/+NxHoG5K6QaRKaapPWk7ItvEdVA9ua2CK zRnd1yC2kzZkFZDDY+u/Jq0+LB+rz7NQo3hrBSyYx0kmQ/dhnMD2Bt6Drkg0Y3FR iAX5vJd2UdmSDEajpyENIpt+TiP5R01NGKLBX4P7uATFISnPv20QLgZXQt/Of+vQ VCBPdVUDP2/QH+6mIl9My6iX3e+WA8AcZay/zxvNanSwdydO4KsfgbXFuTlvvosW q6ND/kHc73TxepJfGUvntxdgzOKoThFbvYLn61F02iZydZShya9LrsJCd4Esb2PH +vobxxg1bzFNTJxjMjzjfcm5QbgxFC9KAx20ZS93Ye/Z3Hirxi03osMQk5WatemP VAbTWtgrKZ2NNuTVd4n8V8ME7fFjlzK3tEIqPJPda9QbdSJiaOvgMfEcXB/3sJ50 G+pxEaPBwSuJ/7OpIvzy4OG7gyf8ksrn4R2PRN+2FVIeez6qy2sySZW8aqS2+6yk TnUzhVwj20sitBNVk+6nfg6hmwOaGH19gu/1oT6HNCOXQ5sCeXX7z3sq2SgVpIdW 0zLG5KzjCu2gPpa+pgr+28QytoKIcgFyQNRlPFiL8+e+9ym8kgHTtCM4cc/pDYNL hi3SMt9/iPmGCVyH7RmS3xku5kxdawv1suG0QtUlsyaahoEZ6MEqnXLMoJ+jiuvw ExaZtzPBx0w= =9R1m -----END PGP SIGNATURE-----